Vulnerabilities > Dreamer CMS Project > Dreamer CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-13 | CVE-2023-48063 | Cross-Site Request Forgery (CSRF) vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3 An issue was discovered in dreamer_cms 4.1.3. | 4.3 |
| 2023-09-27 | CVE-2023-43857 | Cross-site Scripting vulnerability in Dreamer CMS Project Dreamer CMS 4.1.3 Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. | 5.4 |
| 2023-09-03 | CVE-2023-4743 | Files or Directories Accessible to External Parties vulnerability in Dreamer CMS Project Dreamer CMS A vulnerability was found in Dreamer CMS up to 4.1.3. | 4.8 |
| 2023-03-30 | CVE-2023-1746 | Cross-site Scripting vulnerability in Dreamer CMS Project Dreamer CMS A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. | 5.4 |
| 2023-03-16 | CVE-2023-27084 | Incorrect Permission Assignment for Critical Resource vulnerability in Dreamer CMS Project Dreamer CMS 4.0.1 Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | 5.3 |
| 2023-01-26 | CVE-2023-0513 | Cross-site Scripting vulnerability in Dreamer CMS Project Dreamer CMS A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. | 5.4 |